You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2022/09/02 06:38:07 UTC
Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited long for https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to release OFBiz 18.12.06 without
the Birt component
Mitigation:
Upgrade to at least 18.12.06
Credit:
npodotykin@ptsecurity.com
References:
http://ofbiz.apache.org/download.html#vulnerabilities